Debian 10 Buster DLA-3265-1: Exiv2 Memory Violations
Severity: Moderate
Debian LTS
January 10, 2023
This Debian LTS update (exiv2 0.25-4+deb10u4 for buster) fixes a number of memory access violations and other input validation failures that can be triggered by passing specially crafted files to exiv2. The issues listed below range from a floating point exception and invalid memory dereferences to a heap-based buffer over-read; the impact stated for each is denial of service through a crash of the process parsing the crafted input.

Summary

CVE-2017-11591

There is a floating point exception in the Exiv2::ValueType function that will lead to a remote denial of service attack via crafted input.

CVE-2017-14859

An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2017-14862

An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2017-14864

An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2017-17669

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A

Package: exiv2
Version: 0.25-4+deb10u4
CVE ID: CVE-2017-11591 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669
Debian Bug: 876893 885981 886006 903813 910060 913272 913273 915135
